Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

ERR files keep coming back after cleaning

Created: 14 Oct 2013 • Updated: 15 Oct 2013 | 4 comments
ThaveshinP's picture
This issue has been solved. See solution.

Noticed this morning that err files are being generated under the logs folder. After cleaning, the ERR files reappear again . What can I check or do to see why the ERR files are being generated.  I have this issue on 2 environments (11Ru7mp2 and 12ru3).

What can I check with the DB Admin to troubleshoot - also could it be that the SEPM's cant handle the load? Running 2 SEPM's per version. SQL version= 2012 SQL database.

Comments 4 CommentsJump to latest comment

James007's picture

Hi,

That issue are fixed in SEP 12.1.3

Files with .err extension are not cleaned up

Fix ID: 2767546

Symptom: The Symantec Endpoint Protection Manager produces files with the .err extension but does not clean them up. This causes the Symantec Endpoint Protection Manager to miss the parsing of events.

Solution: Fixed the code to bypass the error. Symantec Endpoint Protection Manager continues to process the log and record the error line

 

New fixes and features in Symantec Endpoint Protection 12.1.3

 

Article:TECH206828 | Created: 2013-06-03 | Updated: 2013-06-18 | Article URL http://www.symantec.com/docs/TECH206828

If issue still present you can contact symantec support

ThaveshinP's picture

So does this mean that the logs still get processed but I still have to manually remove the ERR files?

Also, why is it happening on SEP 11 - ?

ThaveshinP's picture

How do I know that the ERR files have been processed anyways and not losing vital AV data?

A. Wesker's picture

Hi ThavenshinP,

Basically the threads come up with an appropriate format (.tmp, .dat).

It switch to .err when they failed to be processed at time by bcp.exe or due to lack of perform from your SQL server.

It can also happen when they were queued and not processed after a while.

They can be cleaned up once they get this .err format without stopping any services.

How many managed clients you have so far ?

As you're using a dedicated SQL Server for your SEPM database, I supposed you have a large quantity of managed clients.

Ensure to optimize the communication settings for all your managed clients in consequence.

Increase the HeartBeat interval and switch to Pull mode as well.

If the Heartbeat Interval is too low it might be the reasons why bcp.exe and your SQL Server struggle to process of the SEP clients threads at time.

 

Kind regards,

A. Wesker

SOLUTION